Leveling up your application security program by David Rook
In this talk, David will relay lessons learned from his time building the application security program and culture at Riot Games. David will give an overview of how Riot approaches application security in a fast paced, agile environment. This will include how Riot implements controls which do not negatively impact product development or player experience. David will explain how Riot provides secure coding guidance to software engineers, works with QA, and maintains an application security community of practice. This talk will also include demonstrations of custom security tools we’ve developed to help our engineers produce secure code. There are many options when it comes to understanding and improving an application security program. This talk will address Riot’s efforts in this regard.